<?

/**
 * @package     JohnCMS
 * @link        http://johncms.com
 * @copyright   Copyright (C) 2008-2011 JohnCMS Community
 * @license     LICENSE.txt (see attached file)
 * @version     VERSION.txt (see attached file)
 * @author      http://johncms.com/about
 */
 
// EDITED BY NGADIMIN @ HTTP://WWW.NGUPRUS.COM REMOD BY RYAND_BLENDS
// Visit http://www.nguprus.com
// Visit http://wap.blendscore.com
/*
-----------------------------------------------------------------
?????? ?? ?????????????
-----------------------------------------------------------------
*/
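switch ($act) {

    case 'say':
        /*
        -----------------------------------------------------------------
        Store a new guestbook entry submitted by the form rendered in the
        default branch below
        -----------------------------------------------------------------
        */
        // 1 when the admin-club ("ga") mode is active in this session, otherwise 0
        $admset = isset($_SESSION['ga']) ? 1 : 0;
        // Read and filter the form fields; non-string values (e.g. name[]=) are treated as absent
        $name = isset($_POST['name']) && is_string($_POST['name']) ? functions::checkin(mb_substr(trim($_POST['name']), 0, 20)) : '';
        $msg = isset($_POST['msg']) && is_string($_POST['msg']) ? functions::checkin(mb_substr(trim($_POST['msg']), 0, 5000)) : '';
        $trans = isset($_POST['msgtrans']) ? 1 : 0;
        $code = isset($_POST['code']) && is_string($_POST['code']) ? trim($_POST['code']) : '';
        // Registered users post under their login, guests under the name they typed
        $from = $user_id ? $login : mysql_real_escape_string($name);
        // Optional transliteration of the message text
        if ($trans)
            $msg = functions::trans($msg);
        // Collect validation errors
        $error = array();
        $flood = false;
        // CSRF token issued in the default branch. Compared as strings with !== so that
        // loose numeric-string juggling ("1e3" == "1000") cannot produce a match.
        if (!isset($_POST['token']) || !isset($_SESSION['token']) || !is_string($_POST['token'])
            || $_POST['token'] !== (string) $_SESSION['token']) {
            $error[] = $lng['error_wrong_data'];
        }
        if (!$user_id && empty($name))
            $error[] = $lng['error_empty_name'];
        if (empty($msg))
            $error[] = $lng['error_empty_message'];
        // !empty() avoids undefined-index notices when no ban of that type is set
        if (!empty($ban['1']) || !empty($ban['13']))
            $error[] = $lng['access_forbidden'];
        // CAPTCHA for guests: the session answer may be absent (never rendered, or already consumed)
        if (!$user_id && (empty($code) || mb_strlen($code) < 4 || !isset($_SESSION['code'])
            || $code !== (string) $_SESSION['code']))
            $error[] = $lng['error_wrong_captcha'];
        // Single use: the captcha answer is cleared whether or not it matched
        unset($_SESSION['code']);
        if ($user_id) {
            // Registered users: site-wide anti-flood check
            $flood = functions::antiflood();
        } else {
            // Guests: at most one entry per minute per IP + browser string.
            // NOTE(review): this query interpolates $ip while the INSERT below uses core::$ip — confirm they hold the same value.
            $req = mysql_query("SELECT `time` FROM `guest` WHERE `ip` = '$ip' AND `browser` = '" . mysql_real_escape_string($agn) . "' AND `time` > '" . (time() - 60) . "'");
            if (mysql_num_rows($req)) {
                $res = mysql_fetch_assoc($req);
                $flood = time() - $res['time'];
            }
        }
        // The flood message replaces the error array with a single string
        // (display_error() below is expected to accept either form — as in the original)
        if ($flood)
            $error = $lng['error_flood'] . ' ' . $flood . '&#160;' . $lng['seconds'];
        if (!$error) {
            // Silently drop an exact repeat of the author's latest entry
            $req = mysql_query("SELECT * FROM `guest` WHERE `user_id` = '$user_id' ORDER BY `time` DESC");
            $res = mysql_fetch_array($req);
            // $res is false when this author has no entries yet
            if ($res && $res['text'] == $msg) {
                header("location: index.php");
                exit;
            }
        }
        if (!$error) {
            // Store the entry
            mysql_query("INSERT INTO `guest` SET
                `adm` = '$admset',
                `time` = '" . time() . "',
                `user_id` = '" . ($user_id ? $user_id : 0) . "',
                `name` = '$from',
                `text` = '" . mysql_real_escape_string($msg) . "',
                `ip` = '" . core::$ip . "',
                `browser` = '" . mysql_real_escape_string($agn) . "',
                `otvet` = ''
            ");
            // Registered users: bump the guestbook post counter and last-post time
            if ($user_id) {
                $postguest = $datauser['postguest'] + 1;
                mysql_query("UPDATE `users` SET `postguest` = '$postguest', `lastpost` = '" . time() . "' WHERE `id` = '$user_id'");
            }
            header('location: index.php');
        } else {
            echo functions::display_error($error, '<a href="index.php">' . $lng['back'] . '</a>');
        }
        break;



    case 'ga':
        /*
        -----------------------------------------------------------------
        Staff only: switch this session between the public guestbook and
        the admin club (?do=set enables it, anything else disables it)
        -----------------------------------------------------------------
        */
        if ($rights >= 1) {
            if (isset($_GET['do']) && $_GET['do'] === 'set') {
                $_SESSION['ga'] = 1;
            } else {
                unset($_SESSION['ga']);
            }
        }
        // no break: fall through into default so the page is rendered with the new mode

    default:
        /*
        -----------------------------------------------------------------
        Render the page: closed notice, staff mode menu and the post form
        -----------------------------------------------------------------
        */
        if (!$set['mod_guest'])
            echo '<div class="alarm">' . $lng['guestbook_closed'] . '</div>';
        if ($rights > 0) {
            // Mode switch between the public guestbook and the admin club.
            // NOTE(review): $menu is built but not echoed in this file — presumably consumed by the including template; confirm.
            $menu = array();
            $menu[] = isset($_SESSION['ga']) ? '<a href="/index.php?act=ga">' . $lng['guestbook'] . '</a>' : '<b>' . $lng['guestbook'] . '</b>';
            $menu[] = isset($_SESSION['ga']) ? '<b>' . $lng['admin_club'] . '</b>' : '<a href="/index.php?act=ga&amp;do=set">' . $lng['admin_club'] . '</a>';
            if ($rights >= 7)
                $menu[] = '<a href="/guestbook/index.php?act=clean">' . $lng['clear'] . '</a>';
        }
        // The post form: registered users always, guests only when mod_guest == 2, never when banned
        if (($user_id || $set['mod_guest'] == 2) && !isset($ban['1']) && !isset($ban['13'])) {
            // Per-session CSRF token, verified in case 'say'. Use the CSPRNG where the runtime
            // provides one; the fallback is the widest token legacy PHP can produce without extensions.
            $token = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(mt_rand(), true));
            $_SESSION['token'] = $token;
            // Pages on which this include must not render its own form
            $formless = array('/guestbook/index.php', '/forum/index.php', '/users/profile.php', '/library/index.php');
            if (!in_array($_SERVER['PHP_SELF'], $formless, true)) {
                echo '<div class="list1" align="center" style="margin:-1px"><form name="form" action="index.php?act=say" method="post">';
                echo '<textarea rows="' . $set_user['field_h'] . '" name="msg"></textarea>';
                if ($set_user['translit'])
                    echo '<input type="checkbox" name="msgtrans" value="1" />&nbsp;' . $lng['translit'] . '<br/>';
                if (!$user_id) {
                    // CAPTCHA for guests; the random query string only defeats image caching
                    echo '<img src="../captcha.php?r=' . rand(1000, 9999) . '" alt="' . $lng['captcha'] . '"/><br />' .
                        '<input type="text" size="5" maxlength="5"  name="code"/>&#160;' . $lng['captcha'] . '';
                }
                echo '<input type="hidden" name="token" value="' . $token . '"/>' .
                    '<input type="submit" name="submit" value="' . $lng['sent'] . '"/></form></div>';
            }
        } else {
            echo '<div class="rmenu">' . $lng['access_guest_forbidden'] . '</div>';
        }
        break;

}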

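if ($headmod != "guestbook" && $headmod != "pradd" && $headmod != "load") {
    // Shoutbox: the four newest public (non-admin-club) entries, shown on pages other than the guestbook itself
    $shout = mysql_result(mysql_query("SELECT COUNT(*) FROM `guest` WHERE `adm`='0'"), 0);
    if ($shout) {
        // NOTE: `users`.`name` and `users`.`id` follow `guest`.* in the select list, so with
        // mysql_fetch_array() they override the guest columns of the same name; guest rows get NULLs.
        $req = mysql_query("SELECT `guest`.*, `guest`.`id` AS `gid`, `users`.`rights`, `users`.`lastdate`, `users`.`sex`, `users`.`status`, `users`.`datereg`, `users`.`name`, `users`.`id` FROM `guest` LEFT JOIN `users` ON `guest`.`user_id` = `users`.`id`
WHERE `guest`.`adm`='0' ORDER BY `time` DESC LIMIT 4");
        // Row counter that alternates the list1/list2 classes; may already be set by the including page
        if (!isset($blends))
            $blends = 0;
        while ($res = mysql_fetch_array($req)) {
            // Even rows use list1, odd rows list2 (the original expressed the parity test via ceil())
            echo $blends % 2 == 0 ? '<div class="list1">' : '<div class="list2">';

            if ($set_user['avatar']) {
                // NOTE(review): $res['name'] is echoed unescaped into an attribute; this relies on
                // user names being filtered at registration — confirm.
                echo '<table><tr><td align="left" valign="top">';
                if (file_exists($rootpath . 'files/users/avatar/' . $res['user_id'] . '.png'))
                    echo '<img class="avatar" src="' . $set['homeurl'] . '/files/users/avatar/' . $res['user_id'] . '.png" width="32" height="32" alt="' . $res['name'] . '" />&#160;';
                else
                    echo '<img class="avatar" src="' . $set['homeurl'] . '/images/empty.png" width="32" height="32" alt="' . $res['name'] . '" />&#160;';
                echo '</td><td align="left">';
            }
            // Online indicator: red after five minutes without activity
            echo (time() > $res['lastdate'] + 300 ? '<span class="red">&bull;</span>&#160;' : '<span class="green">&bull;</span>&#160;');

            // Link other authors' names to their profile; the viewer's own name stays plain.
            // The author id lives in the row ($res), not in the result resource ($req).
            if (!empty($user_id) && ($user_id != $res['user_id'])) {
                echo '<a href="../users/profile/' . $res['name'] . '"><b>' . $res['name'] . '</b></a> ';
            } else {
                echo '<b>' . $res['name'] . '</b> ';
            }
            echo '<span class="gray">@' . $res['name'] . '</span></br>';
            // NOTE(review): as in the original, only entries by registered authors get their text
            // rendered here; rows with user_id 0 show the header line only — confirm this is intended.
            if ($res['user_id']) {
                // First 150 characters through the site output filter, then smileys
                $post = functions::checkout(mb_substr($res['text'], 0, 150), 1, 1);
                if ($set_user['smileys'])
                    $post = functions::smileys($post, $res['rights'] >= 1 ? 1 : 0);

                // Entries longer than 40 characters get a "Read More" link
                if (mb_strlen($res['text']) > 40) {
                    echo '</br>' . $post . ' ';
                    echo '... [<a href="../guestbook/index.php">Read More ...</a>]';
                } else {
                    echo $post;
                }
            }
            // Close the row markup for every entry (the original closed it only for registered
            // authors), and close the avatar table only when it was opened above
            if ($set_user['avatar'])
                echo '</td></tr></table>';
            echo '</div>';
            ++$blends;
        }
    } else {
        echo '<div class="menu">' . $lng['guestbook_empty'] . '</div>';
    }
}
echo '</div>';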